The absolute worst time to develop a breach response plan is directly after you have discovered a breach. The absolute best way to have your response team fail is to have them untrained on rarely practiced procedures while being overly reliant upon expensive, improperly configured technology. It is proven that humans perform at their least effective under exactly these conditions, making the task of recovery and root-cause analysis far more challenging than it could be. We'll see that by focusing on the people/process functions more than technology when an attack is identified, a measured and practiced response can be smoothly executed, providing the best possible path to remediation. In this session we will discuss this issue from two very different perspectives. First, from an academic perspective, we'll see the results of exhaustive research into incident response from the organization that coined the term CERT. In contrast, we'll hear from an experienced practitioner, with lessons learned from real-world deployments.

Incident Response - Practice Makes Perfect - Before an Incident

Michael Theis

Chief Counterintelligence Expert

Theis is chief counterintelligence expert at Carnegie Mellon's CERT Insider Threat Center. Theis has more than 25 years of experience as a counterintelligence supervisory special agent supporting the U.S. intelligence community, and more than 30 years of concurrent computer systems engineering experience. At Carnegie Mellon's CERT Insider Threat Center, Theis focuses on research and development of socio-technical controls in computational endoparacology. Previously, he was the first cyber counterintelligence program manager for the National Reconnaissance Office, where he served as chief of cyber-CI investigations and operations for more than six years.